Secure Python
Steven D'Aprano
steve at REMOVEME.cybersource.com.au
Wed Nov 15 23:23:11 EST 2006
On Thu, 16 Nov 2006 04:02:58 +0100, Fredrik Tolf wrote:
> Hi List!
>
> I was thinking about secure Python code execution, and I'd really
> appreciate some comments from those who know Python better than I do.
>
> I was thinking that maybe it could be possible to load and run untrusted
> Python code, simply by loading it in a module with a modified version of
> __builtins__. Without any reachable function that does unsafe operations,
> code running from there shouldn't be able to do evil things.

How would you prevent a Denial Of Service attack like this?

# don't try this at home kids! leave this to the professionals!
n = 10000**4
L = []
for i in range(n):
    L.append(str(2L**n))

Here's an interesting one. Bug or deliberate attack?

def evens():
    # iterator returning even numbers
    i = 0
    while True:
        yield i
        i += 2

# now get all the even numbers up to 15
L = [n for n in evens() if n < 15]

--
Steven D'Aprano
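
Added example, not part of the original post: one common mitigation for the two resource-exhaustion cases above is to run the untrusted source in a child interpreter under OS resource limits, since a restricted __builtins__ does nothing about CPU or memory use. It assumes Python 3 on Linux; run_limited, _cap and the sample strings are hypothetical names, and the samples are constructed Python 3 variants of the snippets in the post.

```python
import resource
import signal
import subprocess
import sys

# Constructed samples modelled on the two snippets in the post (Python 3 syntax).
MEMORY_HOG = "L = []\nwhile True:\n    L.append(bytearray(10**6))\n"
ENDLESS_LOOP = (
    "def evens():\n"
    "    i = 0\n"
    "    while True:\n"
    "        yield i\n"
    "        i += 2\n"
    "L = [n for n in evens() if n < 15]\n"
)
BENIGN = "print(sum(range(10)))\n"


def _cap(kind, value):
    """Lower one rlimit (soft and hard) without exceeding the inherited hard limit."""
    hard = resource.getrlimit(kind)[1]
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(kind, (value, value))


def run_limited(source, cpu_seconds=1, mem_bytes=512 * 2**20, wall_seconds=15):
    """Run source in a child interpreter; return (status, detail)."""
    def apply_limits():  # runs in the child, after fork and before exec
        _cap(resource.RLIMIT_CPU, cpu_seconds)
        _cap(resource.RLIMIT_AS, mem_bytes)

    try:
        proc = subprocess.run([sys.executable, "-I", "-c", source],
                              preexec_fn=apply_limits, capture_output=True,
                              text=True, timeout=wall_seconds)
    except subprocess.TimeoutExpired:  # child blocked without burning CPU
        return ("wall-timeout", "")
    if proc.returncode < 0:  # terminated by a signal, e.g. SIGXCPU or SIGKILL
        return ("killed", signal.Signals(-proc.returncode).name)
    if proc.returncode == 0:
        return ("ok", proc.stdout.strip())
    if "MemoryError" in proc.stderr:
        return ("memory-limit", "")
    return ("error", proc.stderr.strip()[-200:])


if __name__ == "__main__":
    for name in ("BENIGN", "MEMORY_HOG", "ENDLESS_LOOP"):
        print(name, run_limited(globals()[name]))
```

The limits bound CPU time and address space only; they do not restrict what the child may read, write or connect to.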